Privacy-Preserving Machine Learning With Fully Homomorphic Encryption for Deep Neural Network

Joon-Woo Lee; Hyungchul Kang; Yongwoo Lee; Woosuk Choi; Jieun Eom; Maxim Deryabin; Eunsang Lee; Junghyun Lee; Donghoon Yoo; Young-Sik Kim; Jong-Seon No

doi:10.1109/ACCESS.2022.3159694

IEEE Access (Jan 2022)

Privacy-Preserving Machine Learning With Fully Homomorphic Encryption for Deep Neural Network

Joon-Woo Lee,
Hyungchul Kang,
Yongwoo Lee,
Woosuk Choi,
Jieun Eom,
Maxim Deryabin,
Eunsang Lee,
Junghyun Lee,
Donghoon Yoo,
Young-Sik Kim,
Jong-Seon No

Affiliations

Joon-Woo Lee: Department of Electrical and Computer Engineering, INMC, Seoul National University, Seoul, Republic of Korea
Hyungchul Kang: ORCiD; Samsung Advanced Institute of Technology, Suwon, Republic of Korea
Yongwoo Lee: ORCiD; Samsung Advanced Institute of Technology, Suwon, Republic of Korea
Woosuk Choi: Samsung Advanced Institute of Technology, Suwon, Republic of Korea
Jieun Eom: Samsung Advanced Institute of Technology, Suwon, Republic of Korea
Maxim Deryabin: ORCiD; Samsung Advanced Institute of Technology, Suwon, Republic of Korea
Eunsang Lee: ORCiD; Department of Electrical and Computer Engineering, INMC, Seoul National University, Seoul, Republic of Korea
Junghyun Lee: ORCiD; Department of Electrical and Computer Engineering, INMC, Seoul National University, Seoul, Republic of Korea
Donghoon Yoo: Samsung Advanced Institute of Technology, Suwon, Republic of Korea
Young-Sik Kim: ORCiD; Department of Information and Communication Engineering, Chosun University, Gwangju, Republic of Korea
Jong-Seon No: ORCiD; Department of Electrical and Computer Engineering, INMC, Seoul National University, Seoul, Republic of Korea

DOI: https://doi.org/10.1109/ACCESS.2022.3159694
Journal volume & issue: Vol. 10
pp. 30039 – 30054

Abstract

Read online

Fully homomorphic encryption (FHE) is a prospective tool for privacy-preserving machine learning (PPML). Several PPML models have been proposed based on various FHE schemes and approaches. Although FHE schemes are suitable as tools for implementing PPML models, previous PPML models based on FHE, such as CryptoNet, SEALion, and CryptoDL, are limited to simple and nonstandard types of machine learning models; they have not proven to be efficient and accurate with more practical and advanced datasets. Previous PPML schemes replaced non-arithmetic activation functions with simple arithmetic functions instead of adopting approximation methods and did not use bootstrapping, which enables continuous homomorphic evaluations. Thus, they could neither use standard activation functions nor employ large numbers of layers. In this work, we first implement the standard ResNet-20 model with the RNS-CKKS FHE with bootstrapping and verify the implemented model with the CIFAR-10 dataset and plaintext model parameters. Instead of replacing the non-arithmetic functions with simple arithmetic functions, we use state-of-the-art approximation methods to evaluate these non-arithmetic functions, such as ReLU and Softmax, with sufficient precision. Further, for the first time, we use the bootstrapping technique of the RNS-CKKS scheme in the proposed model, which enables us to evaluate an arbitrary deep learning model on encrypted data. We numerically verify that the proposed model with the CIFAR-10 dataset shows 98.43% identical results to the original ResNet-20 model with non-encrypted data. The classification accuracy of the proposed model is 92.43%±2.65%, which is quite close to that of the original ResNet-20 CNN model (91.89%). It takes approximately 3 h for inference on a dual Intel Xeon Platinum 8280 CPU (112 cores) with 172 GB of memory. We believe that this opens the possibility of applying FHE to an advanced deep PPML model.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords